Point in time backup and recovery of zone records using the STACKIT DNS export/import feature
Point in time recovery on DNS Zones is a great way to create a backup of a record configuration which is known to work. If a DNS zone is compromised, e.g. due to a cyber attack, accidental misconfiguration, or experimental changes, a point in time recovery allows you to restore the DNS zone content to a previous state, minimising downtime and potential damage.
Prerequisites
- You have a STACKIT customer account: Create a customer Account
- You have a STACKIT user account: Create a user account
- You have a STACKIT project: Create a project
- For backup: You have a valid DNS Zone configuration: Manage DNS Zones
- For recovery: You have a backup file of a valid DNS Zone configuration.
Creating a Point in Time Backup of the desired zone
| Parameter | Description | Example |
|---|---|---|
| Auth-Token | The auth token to authenticate your client | eynsdhf89… |
| projectId | Defines how often on every day a backup is created | 23142134-21… |
| zoneId | Defines how often on every day a backup is created | 4389782-43… |
To receive the backup, use the following API call:
```bash
curl --location --request POST 'https://dns.api.stackit.cloud/v1/projects/[projectId]/zones/[zoneId]/export' \
  --header 'Accept: application/json' \
  --header 'Authorization: Bearer [Auth-Token]' \
  --data '{"format": "csv","exportAsFQDN": false}' | jq .
```

The format and exportAsFQDN fields don’t matter for point in time recovery. This should download a file with the zone content, like this:

```
pitr.test.,3600,SOA,"ns1.stackit.cloud. hostmaster.stackit.cloud. 2024040500 3600 600 1209600 60",
pitr.test.,3600,NS,"ns1.stackit.cloud.",
pitr.test.,3600,NS,"ns2.stackit.zone.",
a,3600,A,"1.2.3.5",this is a comment
a,3600,A,"1.2.3.4",this is a comment
txt,3600,TXT,"recover me",
```

Restoring a zone from backup
Once you have a valid backup (in any format), you can recover a zone using the import endpoint of the API.

| Parameter | Description | Example |
|---|---|---|
| Auth-Token | The auth token to authenticate your client | eynsdhf89… |
| projectId | Defines how often on every day a backup is created | 23142134-21… |
| zoneId | Defines how often on every day a backup is created | 4389782-43… |
| format | The format of the backup file | csv |
| import-type | The type of import operation | restore |
| backup-file-as-ascii | The content of the backup file as ASCII | pitr.test.,3600,SOA,"ns1.stackit.clo… |

```bash
curl --location --request POST 'https://dns.api.stackit.cloud/v1/projects/[projectId]/zones/[zoneId]/import?format=[format]&importType=[import-type]' \
  --header 'Authorization: Bearer [Auth-Token]' \
  --header '[backup-file-as-ascii]' | jq .
```

Example:

```bash
curl --location --request POST 'https://dns.api.stackit.cloud/v1/projects/44f6bfca-8ab2-4625-a705-ed70f955f41e/zones/b33cb1df-7f63-4bd5-94ca-1c9ad5bc896c/import?format=csv&importType=restore' \
  --header 'Authorization: Bearer [Auth-Token]' \
  --header 'pitr.test.,3600,SOA,"ns1.stackit.cloud. hostmaster.stackit.cloud. 2024040500 3600 600 1209600 60",
pitr.test.,3600,NS,"ns1.stackit.cloud.",
pitr.test.,3600,NS,"ns2.stackit.zone.",
a,3600,A,"1.2.3.5",this is a comment
a,3600,A,"1.2.3.4",this is a comment
txt,3600,TXT,"recover me",
' | jq .
```
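
Before restoring after a suspected compromise, comparing a fresh export of the zone with the known-good backup shows which records were changed. The following Python sketch is an added example, not STACKIT code; the column order (name, TTL, type, content, comment) is an assumption inferred from the sample export on this page, and the `CURRENT` data is constructed.

```python
import csv
import io

# Constructed sample data: BACKUP repeats the export shown on this page; CURRENT
# is an invented later export with one record altered, one removed, one added.
BACKUP = """\
pitr.test.,3600,SOA,"ns1.stackit.cloud. hostmaster.stackit.cloud. 2024040500 3600 600 1209600 60",
pitr.test.,3600,NS,"ns1.stackit.cloud.",
pitr.test.,3600,NS,"ns2.stackit.zone.",
a,3600,A,"1.2.3.5",this is a comment
a,3600,A,"1.2.3.4",this is a comment
txt,3600,TXT,"recover me",
"""
CURRENT = """\
pitr.test.,3600,SOA,"ns1.stackit.cloud. hostmaster.stackit.cloud. 2024040901 3600 600 1209600 60",
pitr.test.,3600,NS,"ns1.stackit.cloud.",
pitr.test.,3600,NS,"ns2.stackit.zone.",
a,3600,A,"1.2.3.5",this is a comment
a,300,A,"203.0.113.9",
login,300,CNAME,"host.example.net.",
"""

def parse_export(text):
    """Return {(name, ttl, type, content)}; column order is assumed from the sample."""
    records = set()
    for rowno, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not row:
            continue  # blank line
        if len(row) < 4 or not row[1].strip().isdigit():
            raise ValueError(f"row {rowno}: malformed record {row!r}")
        name, ttl, rtype, content = (field.strip() for field in row[:4])
        records.add((name, int(ttl), rtype.upper(), content))  # comment column dropped
    return records

def diff_zone(backup_text, current_text, ignore_types=("SOA",)):
    """Compare two exports; SOA is skipped by default since its serial changes on edits."""
    backup = {r for r in parse_export(backup_text) if r[2] not in ignore_types}
    current = {r for r in parse_export(current_text) if r[2] not in ignore_types}
    return {
        "missing": sorted(backup - current),     # in the backup, gone now
        "unexpected": sorted(current - backup),  # present now, not in the backup
    }

if __name__ == "__main__":
    for kind, records in diff_zone(BACKUP, CURRENT).items():
        for record in records:
            print(kind, *record)
```

Entries under "unexpected" are records that are not in the known-good backup; entries under "missing" are backup records that no longer exist in the zone.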